FBI Director James Comey is urging Congress to take up the topic of encryption -- setting up a potentially historic debate on Capitol Hill over whether U.S. tech firms can be required to bake into their technology ways for law enforcement to legally access users' e-mails, texts and other digital communications.
In remarks at the Brookings Institution on Thursday, Comey used the phrase "going dark" to describe the decisions by companies like Apple and Google to encrypt by default more and more of their services. (Comey recalled his response when he learned of those decisions: "Holy cow.") The problem, Comey argued, is that the process locks away for good some data that could be useful to law enforcement as it fights crime.
The argument against that notion? That any time you create a means of access for law enforcement -- what Comey called a "front door" that the FBI can use "with clarity and transparency" -- it increases the chances that those with ill-intentions can get at that same data.
It's a complicated dynamic, and Comey appeared eager to punt the confusion over to Congress. He called for the House and Senate to begin rethinking the Communications Assistance for Law Enforcement Act, better known as CALEA, which empowers the FBI to access electronic communications. The 20-year old law, Comey argued, should require companies big and small to build into their systems "lawful intercept capabilities" that aren't stymied by encryption.
One serious hiccup, though, is that plopping itself between domestic law enforcement and the increasingly politically powerful and culturally celebrated tech sector -- one largely embodied by Google and Apple -- isn't something that Congress is eager to do.
Asked for comment on Comey's call for CALEA reconsideration, a spokesperson for Sen. Patrick Leahy (D-Vt.), the powerful chairman of the Senate Judiciary Committee, shot back nearly immediately: "Right now, Senator Leahy's top focus is passing the USA Freedome Act in November." (That bill is aimed at restricting the investigative powers of the National Security Agency and others in the intelligence sector, not domestic law enforcement.)
Leahy's Republican counterpart, ranking member Sen. Charles Grassley of Iowa, noted in a statement that, "Director Comey acknowledged that it’s a delicate balancing act." He is, the senator added, "reviewing this issue carefully."
Google, though, was more forceful in its take on the day's events. "Encryption is simply the 21st century method of protecting personal documents," a company spokesperson said in a statement, "and we intend to provide this added security to our users while giving law enforcement appropriate access when presented with a warrant." (Apple did not respond to a request for comment on Comey's remarks.)
Tech giants like Google recognize that their user bases outside the United States are growing and are central to their future prospects. They're not eager, as one audience member described it to Comey during the Brookings talk, to be seen selling an "NSA/FBI-ready iPhone" in Europe and other parts of the world. "I don't think I'd market it as "FBI/NSA-ready," the FBI director responded.
That global footprint and the public cachet of Google, Apple and fellow American tech giants, indeed makes this debate different than the crypto wars of the past, says professor Lance J. Hoffman, director of George Washington University's Cyber Security Policy and Research Institute. But still, we've largely been here before, noted the author of a book on government-directed digital access called "Building in Big Brother," published in 1995. "It's the same issues," Hoffman said. "They haven't changed. It's a classic equation."
And so, at Brookings, Hoffman called on Comey to finally start a public conversation around the cost-benefit analysis of forced de-encryption, taking into consideration all the factors that make the 2014 version of the debate unique -- from Edward Snowden to the impact on cloud-computing companies around the world.
It won't be easy, Hoffman admitted. "It's hard to put a value on intangibles."
And Thursday's session with Comey made crystal clear why the FBI is eager to have lawmakers be the ones to wrestle with the nitty-gritty of encryption: It's complicated. Again and again, Comey was asked how companies would build in access to encrypted systems that only allows that access under legal circumstances. Again and again, Comey insisted that he didn't know yet.
"I'm not smart enough technically to figure out how that might work," Comey said at one point. And at another, "I haven't gamed this out completely."
Comey, though, is eager for those on Capitol Hill to do the figuring. "I totally understand the market imperative" of decisions like those of Apple and Google to offer customers encryption by default, he said, adding for emphasis, "I get it." But, he said, Congress has to decide that "we as a society are willing to have American companies take that hit."
That's far easier, though, for the FBI director to say than for Congress to mandate. And so Capitol Hill is going to likely find itself stuck between the FBI and Google. And neither looks ready to back down.